Does serverless really have a dominant position in the IT landscape?

We recently presented the most interesting results introduced in the academic research titled “Peeking Behind the Curtains of Serverless Platforms”. But nothing is better than allowing the researchers to shed some light on their work! For this reason, we invited Liang Wang, who co-authored the paper, to answer some questions on behalf of the team behind the research Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, and Michael Swift.

JAXenter: To start things off, how did you all meet? You seem like a very interestingly diverse group!

Liang Wang: Prof. Swift and Prof. Ristenpart are my advisors. (Prof. Ristenpart used to work at UW-Madison and I have been working with him on cloud security related projects for many years.), and they have collaborated with Prof. Zhang before. So when my advisors found that Prof. Zhang and his student, Mengyuan, were also interested in serverless computing, we decided to work together.

LIVING IN A POST-CONTAINER WORLD
Free: Brand new Serverless Architecture Whitepaper

Stay on top of the latest trends with the help of our Serverless Architecture Whitepaper. Get deep insights on serverless platforms, cloud-native architecture, cloud services, the Kubernetes ecosystem (Knative, Istio etc.) and much more!

JAXenter:Back to our main topic: serverless! At JAXenter we are constantly reviewing new reports that come in emphasizing the fact that serverless is taking over the IT world. A year ago, experts were saying that serverless “is going to be the next big thing” and now we are going through the era of serverless’ domination. What are your thoughts on that? Is serverless indeed dominating or we haven’t even seen half of it yet?

Liang Wang: Indeed, serverless is a hot topic in both industry and academia. Its ecosystem evolves every day and I think it will be a big thing in the future. But, it’s not dominating at this time for two main reasons: (1) As shown in our paper, serverless platforms are not mature and have some unaddressed issues that could hinder the adoption for many potential users. (2) Based on our observations, serverless is mostly used for performing specific types of tasks (web applications, image processing, etc.) rather than being treated as a general-purpose platform. In fact, serverless could be suitable for a broader set of scenarios. Researchers have already proposed several novel serverless applications, e.g., Prof. Keith Winstein from Stanford has built serverless-based GCC and low-latency video processing system. I think more interesting serverless applications will emerge in the future.

JAXenter:Serverless technology has overcome significant limitations so far. What obstacles do we still have to overcome? What is the most important limitation to serverless that we don’t have an answer to yet?

Liang Wang: We already know many good design patterns of serverless applications, but what are the anti-patterns? Many companies want to migrate their applications to serverless, however, there is no guidance demonstrating how to do that properly. One may have performance/cost penalties by moving some random parts of their application to serverless. It’s important to understand the performance characteristics of serverless platforms and figure out an optimal and systematic way to “transform” a conventional monolithic application into a serverless form that can fully leverage the performance benefits offered by serverless.

We also need to improve the security of serverless. A serverless application that consists of multiple functions is essentially a distributed application, making debugging more difficult and posing an enlarged attack surface. Numerous security vulnerabilities in Linux containers, which are the building block for many serverless platforms, have been reported in the past years. These vulnerabilities could be leveraged by attackers to perform side-channel attacks, container-escaping attacks, and more. Users also have concerns about the security of the function runtime — providers might provide outdated and vulnerable libraries in the runtime, which could jeopardize the security of functions. We haven’t heard much about vulnerabilities in serverless computing being exploited in the wild, but as it becomes increasingly popular, serverless might attract more attention from attackers.

The most important limitation is its unpredictable performance. As shown in our paper, coldstart latency, and network and I/O throughput of a serverless application can fluctuate greatly. This could be caused by various issues: resource contention, unstable network environment, implementation bugs, etc. Some of the issues stem from the platform design and are not easy to fix. The trade-off between resource utilization and performance of serverless platforms is a good example: if providers want to utilize their VMs more efficiently, they have to run as many functions as possible on the same VM, which could result in more severe resource contention and performance fluctuation. We have seen many users complained about performance, but unfortunately no significant improvement so far. Better performance isolation mechanisms are needed in the future.

JAXenter:Let’s talk a bit about your paper “Peeking Behind the Curtains of Serverless Platforms”. This research offers amazingly rich data and valuable insight into the three big serverless platforms. One of the most interesting points in the paper was the reveal of several resource accounting issues. To your knowledge, have these issues been dealt with? Do you aspire for the results of your research to be used by the big three serverless providers in order to improve their services?

Liang Wang: Yes, they have fixed the accounting issues. And yes, we expected to see that our study can inspire existing and future serverless providers to improve their platforms. This is one of the goals of our study. Actually, we have contacted the providers and disclosed the issues to them before the paper was published. Their feedback was constructive.

JAXenter:Let me ask you one final question: I am sure you have been asked this question many times but could you share your thoughts with us on what the future holds for serverless?

Liang Wang: I think both industry and academia will actively work on improving serverless computing, in terms of functionality, security, performance, and resource management. People will soon realize serverless is a general-purpose programming model. We expect to see more sophisticated, diverse serverless applications that can leverage the full potential of serverless in the future.

Liang Wang is a graduate student in the Computer Science Department at the University of Wisconsin – Madison and he is a member of WISDoM. He got his bachelor degree in Information Security from Harbin Institute of Technology – Weihai in 2012. His research interests are security and privacy. Currently, he is working with Prof. Michael Swift and Prof. Thomas Ristenpart.